yahoo-eng-team team mailing list archive

[Edward Hope-Morley <1891673@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

With Bionic Stein using dvr_snat if I add a floating ip to a vm then
remove the floating ip, the corresponding ip rules in the associated
qrouter ns local to the instance are not deleted which results in no
longer being able to reach the external network because packets are
still sent to the fip namespace (via rfp-/fpr-) e.g. in my compute host
running a vm whose address is 192.168.21.28 for which i have removed the
fip I still see:

# ip netns exec qrouter-5e45608f-33d4-41bf-b3ba-915adf612e65 ip rule list
0:      from all lookup local 
32765:  from 192.168.21.28 lookup 16 
32766:  from all lookup main 
32767:  from all lookup default 
3232240897:     from 192.168.21.1/24 lookup 3232240897 
3232241231:     from 192.168.22.79/24 lookup 3232241231

And table 16 leads to:

# ip netns exec qrouter-5e45608f-33d4-41bf-b3ba-915adf612e65 ip route show table 16
default via 169.254.109.249 dev rfp-5e45608f-3

Which results in the instance no longer being able to reach the external
network (packets are never sent to the snat- ns in my case).

The workaround is to delete that ip rule but neutron should be taking
care of this. Looks like the culprit is in
neutron/agent/l3/dvr_local_router.py:floating_ip_removed_dist

Note that the NAT rules were successfully removed from iptables so looks
like it is just this bit that is left behind.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: sts

** Tags added: sts

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1891673

Title:
  qrouter ns ip rules not deleted when fip removed from vm

Status in neutron:
  New

Bug description:
  With Bionic Stein using dvr_snat if I add a floating ip to a vm then
  remove the floating ip, the corresponding ip rules in the associated
  qrouter ns local to the instance are not deleted which results in no
  longer being able to reach the external network because packets are
  still sent to the fip namespace (via rfp-/fpr-) e.g. in my compute
  host running a vm whose address is 192.168.21.28 for which i have
  removed the fip I still see:

  # ip netns exec qrouter-5e45608f-33d4-41bf-b3ba-915adf612e65 ip rule list
  0:      from all lookup local 
  32765:  from 192.168.21.28 lookup 16 
  32766:  from all lookup main 
  32767:  from all lookup default 
  3232240897:     from 192.168.21.1/24 lookup 3232240897 
  3232241231:     from 192.168.22.79/24 lookup 3232241231

  And table 16 leads to:

  # ip netns exec qrouter-5e45608f-33d4-41bf-b3ba-915adf612e65 ip route show table 16
  default via 169.254.109.249 dev rfp-5e45608f-3

  Which results in the instance no longer being able to reach the
  external network (packets are never sent to the snat- ns in my case).

  The workaround is to delete that ip rule but neutron should be taking
  care of this. Looks like the culprit is in
  neutron/agent/l3/dvr_local_router.py:floating_ip_removed_dist

  Note that the NAT rules were successfully removed from iptables so
  looks like it is just this bit that is left behind.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1891673/+subscriptions